Connecting Auth0 (IDP Initiated) and the ComponentSpace SAML v2.0 for .NET stack

Rory Braybrook
The new control plane
3 min read, Aug 7, 2018

One of the things I like about the ComponentSpace stack is that it can operate both as an IDP and as a SP.

SAML has two ways of connecting.

  • SP Initiated — this is the usual way. The flow is:

Application → (SAML) → IDP → Authenticate → (SAML token) → Access granted

  • IDP Initiated. The flow is:

User → IDP → Authenticate → (Select application) → (SAML token) → Access granted

The end result in both flows is that a SAML token is sent to the application and the application grants access.

IDP Initiated is not used often but I have implemented this on a number of occasions.

Not all IDPs support the IDP Initiated flow. Auth0 does, and so does ADFS.

The Auth0 IDP Initiated documentation is here.

The Auth0 “SAMLP Identity Provider” setup is described here.

I followed this Auth0 guide for adding a SAML application.

We need the Client ID.

The IDP Initiated parameters are set up on the SAML Enterprise connection.

Under the “IDP-Initiated SSO” tab, we set up the name of the application (the one that uses the ComponentSpace stack) and the protocol. You can ignore the query string, as it applies to OpenID Connect only.

The Auth0 IDP Initiated URL is:

https://Auth0Tenant.au.auth0.com/samlp/RNgeLBwopbQmWBMcngd6lx1OPffRzS2p?RelayState=http://localhost:52901/

where:

  • “Auth0Tenant” is the name of your tenant
  • “RN…2p” is the Client ID
  • “localhost:52901” is the URL of the ComponentSpace MvcExampleServiceProvider example (the page you want to redirect to after authentication)

Invoking this link brings up the Auth0 lock screen (the login screen).

The social providers at the top appear because of the way I have configured Auth0. Ignore them and log in with the user name and password of one of your Auth0 users.

Success.

So we have authenticated with Auth0 directly and have then been redirected to the application with the SAML token that contains the assertions as above.

All good!
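The SP side of this flow has one check the SP Initiated flow gets for free: an IDP-initiated Response carries no InResponseTo, so the application cannot tie it to an AuthnRequest it issued and has to rely on issuer, audience, the validity window, and an allow-list for the RelayState it is asked to redirect to. The following is an added illustration of those checks, not code from the post or from ComponentSpace; the issuer and audience strings, the allowed host, and the unsigned sample Response are constructed, and signature verification is assumed to happen before this runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
from urllib.parse import urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed SP configuration (assumed values, not taken from the post)
EXPECTED_ISSUER = "urn:Auth0Tenant.au.auth0.com"
EXPECTED_AUDIENCE = "urn:componentspace:MvcExampleServiceProvider"
ALLOWED_RELAY_HOSTS = {"localhost:52901"}

# Constructed, unsigned sample of the Response the IDP posts to the SP in the IDP Initiated flow
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2018-08-07T10:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-08-07T10:00:00Z">
    <saml:Issuer>urn:Auth0Tenant.au.auth0.com</saml:Issuer>
    <saml:Conditions NotBefore="2018-08-07T09:59:00Z" NotOnOrAfter="2018-08-07T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>urn:componentspace:MvcExampleServiceProvider</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_time(s):
    # SAML timestamps are UTC with a trailing Z; older fromisoformat() versions reject "Z"
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def check_unsolicited_response(xml_text, relay_state, now):
    """Validate an IDP-initiated Response (signature assumed verified already). Returns (ok, reason)."""
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo"):
        return False, "InResponseTo present: match it to a pending AuthnRequest instead"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no Assertion"
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != EXPECTED_ISSUER:
        return False, f"unexpected issuer {issuer!r}"
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return False, "missing Conditions or validity window"
    if not (parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter"))):
        return False, "assertion outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        return False, f"audience mismatch: {audiences}"
    # RelayState is copied straight from the IDP-initiated URL, so only follow allow-listed hosts
    if relay_state and urlparse(relay_state).netloc not in ALLOWED_RELAY_HOSTS:
        return False, f"RelayState host {urlparse(relay_state).netloc!r} not allowed"
    return True, "ok"
```

With the ComponentSpace example SP, the same RelayState rule applies to the `RelayState=http://localhost:52901/` parameter shown in the Auth0 URL above.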


NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5